Preamble
Laravel Passport is built on top of the League OAuth2 server developed by Andy Millington and Simon Ham.
Setting
- Install Passport via the Composer package manager:
1 2 | composer require laravel/passport |
Laravel Passport provides several migration classes to create the necessary tables to store authorization codes, access tokens, refresh tokens, personal access tokens, and client information (a list of migration files can be found here). To install the necessary tables for Laravel Passport, we use the following command:
1 2 | php artisan migrate |
Next, you should execute the passport:install Artisan command. This command will generate the encryption keys needed to generate a secure access token
1 2 | php artisan passport:install |
After running passport:install , add LaravelPassportHasApiTokens to AppModelsUser
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | <?php namespace AppModels; use IlluminateDatabaseEloquentFactoriesHasFactory; use IlluminateFoundationAuthUser as Authenticatable; use IlluminateNotificationsNotifiable; use LaravelPassportHasApiTokens; class User extends Authenticatable { use HasApiTokens, HasFactory, Notifiable; } |
Finally, in your application config/auth.php file you should define an authentication guard api and set the optional driver to passport
1 2 3 4 5 6 7 8 9 10 11 12 | 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'passport', 'provider' => 'users', ], ], |
Token Lifecycle Configuration By default, Passport issues a lifetime access token that expires after one year. If you want to configure longer/shorter token lifetime, you can use tokensExpireIn, refreshTokensExpireIn and personalAccessTokensExpireIn methods in AppProvidersAuthServiceProvider
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | /** * Register any authentication / authorization services. * * @return void */ public function boot() { $this->registerPolicies(); Passport::tokensExpireIn(now()->addDays(15)); Passport::refreshTokensExpireIn(now()->addDays(30)); Passport::personalAccessTokensExpireIn(now()->addMonths(6)); } |
Create Api Routes
1 2 3 4 5 6 7 8 9 10 11 12 13 | <?php use IlluminateHttpRequest; Route::group([ 'prefix' => 'auth' ], function () { Route::post('login', 'AuthController@login'); Route::group([ 'middleware' => 'auth:api' ], function() { Route::get('user', 'AuthController@user'); }); }); |
Create Controller First we will create the file AuthController.php in the Controller folder
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | <?php namespace AppHttpControllers; use IlluminateHttpRequest; use IlluminateSupportFacadesAuth; use CarbonCarbon; use AppUser; class AuthController extends Controller { /** * Login user and create token * * @param [string] email * @param [string] password * @param [boolean] remember_me * @return [string] access_token * @return [string] token_type * @return [string] expires_at */ public function login(Request $request) { $request->validate([ 'email' => 'required|string|email', 'password' => 'required|string', 'remember_me' => 'boolean' ]); $credentials = request(['email', 'password']); if(!Auth::attempt($credentials)) return response()->json([ 'message' => 'Unauthorized' ], 401); $user = $request->user(); $tokenResult = $user->createToken('Personal Access Token'); $token = $tokenResult->token; if ($request->remember_me) $token->expires_at = Carbon::now()->addWeeks(1); $token->save(); return response()->json([ 'access_token' => $tokenResult->accessToken, 'token_type' => 'Bearer', 'expires_at' => Carbon::parse( $tokenResult->token->expires_at )->toDateTimeString() ]); } /** * Get the authenticated User * * @return [json] user object */ public function user(Request $request) { return response()->json($request->user()); } } |